In recent years, development of the Internet is helping spread cloud computing that disposes a number of servers over data centers on the Internet and provides users with services. In cloud computing, various services and data are disposed on the servers. A user device, which is a device possessed by a user, is used to access the server to enjoy the services. In this case, the user device is a client, and specifically, a personal computer, a mobile terminal, a household appliance and the like. The user device plays a role merely as a viewer for using the data and services on cloud.
Meanwhile, there are cases in recent years in which the device possessed by the user itself plays a role of providing the services. For example, a network video recorder may include a Web server function. In this case, access via HTTP (Hyper Text Transfer Protocol) enables the user to schedule a recording remotely or enjoy playing a recorded program. Alternatively, there could be increasing usage in the future in which the sensor device around the user has a server function and accessed by the cloud side.
When the user device is used as a service provider side, the user device needs to be accessed from the Internet side. However, there are some issues in this regard. First, the user device is not necessarily connected to the Internet directly. Take a home network for example, in most cases, these devices are connected under a NAT (Network Address Translator) router and often cannot be connected directly via the Internet.
Second, even when the user device can be connected via the Internet, an IP address of the user device is often not fixed, thereby making it difficult for a connection source to identify the device to be connected.
Patent literature 1 discloses a method as one method to solve this. In patent literature 1, a server is disposed on the Internet to be a relay apparatus, and a user device establishes a tunnel such as VPN with the server. The connection source will not be connected directly to the user device but is connected to this server and accesses the user device via the tunnel from the server.
According to the method disclosed in patent literature 1, the user device can be connected from the Internet side, and the services offered by the user device can be used. Moreover, in the method according to patent literature 1, the device is authenticated when the user device is connected to a gateway. Patent literature 1 further presents a method for authenticating an accessing side to this user device remotely and denying access from an unauthorized user.